summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2011-02-09 20:22:05 +0100
committerDaniel Friesel <derf@finalrewind.org>2011-02-09 20:22:05 +0100
commit0a31528663cafafc9382b602d7f9e08c1bf6bf84 (patch)
treed223a075c7e19b4d2752beb4787edaa0d4585f02 /ChangeLog
parent23421a86cc826dd30f3dc4f62057fafb04b3ac40 (diff)
Update changelog
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog10
1 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 2d656ba..41742ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,15 @@ git HEAD
* Add --zoom fill as equivalent for --auto-zoom
* Add --zoom max (zooming like in --bg-max)
* --menu-style is now deprecated
+
+Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org>
+
+* Release v1.11.2
* Use wget --no-clobber to prevent TOCTTOU-based hole allowing a
- well-informed attacker to rewrite arbitrary user files. An attacker can
- still use it to _create_ arbitrary files.
+ well-informed attacker to rewrite arbitrary user files with images.
+ The attacker needs to know feh's PID and the URL the user gave it.
+ It is still possible for an attacker to _create_ arbitrary files via the
+ same hole.
Wed, 26 Jan 2011 21:07:19 +0100 Daniel Friesel <derf@finalrewind.org>